exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2013-2172

Status Candidate

Overview

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Related Files

Debian Security Advisory 3065-1
Posted Nov 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3065-1 - James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

tags | advisory, java, arbitrary, spoof
systems | linux, debian
advisories | CVE-2013-2172
MD5 | 59f2186114c0c9af25b2e0bee20904e8
Red Hat Security Advisory 2014-1369-01
Posted Oct 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1369-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P6 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. The following security issues are addressed with this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2172, CVE-2014-0074, CVE-2014-0107
MD5 | 5863702dfae5df868f78b3a7faa8d090
Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | cc88ecdb91a716104a78df1b3dd9c664
Red Hat Security Advisory 2014-0212-01
Posted Feb 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2172, CVE-2013-4152
MD5 | d173e233d630865056e5fd610c557587
Red Hat Security Advisory 2013-1853-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1853-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5783, CVE-2013-2172
MD5 | 4094e5039faeab9f11106e90c2383de5
Ubuntu Security Notice USN-2028-1
Posted Nov 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2028-1 - James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures.

tags | advisory, java, spoof
systems | linux, ubuntu
advisories | CVE-2013-2172
MD5 | 4ea28a1e782afebee727a01315b3abf0
Red Hat Security Advisory 2013-1437-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1437-01 - This Red Hat JBoss Portal 6.1.0 release serves as a replacement for 6.0.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-1921, CVE-2013-2067, CVE-2013-2102, CVE-2013-2160, CVE-2013-2172, CVE-2013-4112, CVE-2013-4128, CVE-2013-4213
MD5 | c3d6165d5ee0adc08d405a45ff63527f
Red Hat Security Advisory 2013-1375-01
Posted Sep 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1375-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
MD5 | 3fdba7683671327b6e454b320f5e6799
Red Hat Security Advisory 2013-1218-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1218-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
MD5 | a6c50c5adb2cae53d0411656c1cf4f50
Red Hat Security Advisory 2013-1219-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1219-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
MD5 | 7583fd22d0426f64ceccc8c238a80aa8
Red Hat Security Advisory 2013-1217-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1217-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
MD5 | ea1e8597d73b473ee0b4b08a0cc38128
Red Hat Security Advisory 2013-1220-01
Posted Sep 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1220-01 - Apache Santuario implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2172
MD5 | 0449ea62492f6c1ca616dc82972f24fc
Red Hat Security Advisory 2013-1207-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1207-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 57f850de7fc7ad6370fd505d5c8d0a67
Red Hat Security Advisory 2013-1208-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1208-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 2a6821ae0d1055c847f904a19fd221a8
Red Hat Security Advisory 2013-1209-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1209-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 9eb099e79e1ae079b63410d608655692
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close